{"id":179410,"date":"2018-08-17T14:19:33","date_gmt":"2018-08-17T19:19:33","guid":{"rendered":"https:\/\/www.ntegrait.com\/billions-of-computer-devices-wont-get-intels-spectre-fix\/"},"modified":"2024-02-06T13:49:58","modified_gmt":"2024-02-06T13:49:58","slug":"billions-of-computer-devices-wont-get-intels-spectre-fix","status":"publish","type":"post","link":"https:\/\/ntegrait.com\/billions-of-computer-devices-wont-get-intels-spectre-fix\/","title":{"rendered":"Billions of Computer Devices Won\u2019t Get Intel\u2019s Spectre Fix"},"content":{"rendered":"<p><strong>17 Product Groups Named-Their Production Halted and Update Support Ended After Irrefutable Evidence Uncovered Flaw in Intel Chips.<\/strong><\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-21081\" src=\"https:\/\/ntegrait.com\/wp-content\/uploads\/2018\/08\/ThinkstockPhotos-902635152.jpg\" alt=\"Intel Processors\" width=\"509\" height=\"338\" \/><\/p>\n<p>The information about the Spectre attacks came to light back in January 2018. Intel and other technology firms and vendors were made aware of research findings by <a href=\"https:\/\/spectreattack.com\/spectre.pdf\">Paul Kocher from Spectreattack.com<\/a> and <a href=\"https:\/\/googleprojectzero.blogspot.com\/2018\/01\/\">Jann Horn from Google Project Zero<\/a>.<\/p>\n<p>Paul\u2019s collaboration team regarding the chip flaw and the notorious Spectre Attacks were:<\/p>\n<ul>\n<li>Daniel Genkin (the University of Pennsylvania and University of Maryland)<\/li>\n<li>Mike Hamburg (Rambus)<\/li>\n<li>Moritz Lipp (Graz University of Technology)<\/li>\n<li>Yuval Yarom (University of Adelaide and Data61)<\/li>\n<\/ul>\n<p>The research findings from Paul Kocher\u2019s team and Jann Horn supported what the U.S. Department of Commerce\u2019s agency, NIST (National Institute of Standards and Technology) found. At NIST\u2019s, National Vulnerability Database website is the research published on January 4, 2018.<\/p>\n<p>Take note of these excerpts, the <u>indirect branch prediction<\/u> and <u>branch prediction<\/u> in both announcements:<\/p>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-5715\">CVE-2017-5715<\/a><\/p>\n<p><strong>Current Description:<\/strong> \u201cSystems with microprocessors utilizing speculative execution and<strong> indirect branch prediction<\/strong> may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\u201d<\/p>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-5753\">CVE-2017-5753<\/a><\/p>\n<p><strong>Current Description:<\/strong> \u201cSystems with microprocessors utilizing speculative execution and <strong>branch prediction<\/strong> may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\u201d<\/p>\n<p>After the findings arrived, on January 3, 2018, Intel responds to Paul and Jann\u2019s security research findings with this disbelieving statement: \u201cIntel believes these exploits do not have the potential to corrupt, modify or delete data.\u201d<\/p>\n<p>With the proof in front of them, Intel believed the research reports were flawed and incorrect. The idea of these acts caused by a \u201cbug\u201d, or a \u201cflaw\u201d was not possible. Their explanation was, \u201cthere are many types of computing devices, using different vendor\u2019s operating systems and processors. All are at risk of being exploited.\u201d<\/p>\n<p><strong>But Paul\u2019s team exploited speculative execution and had solid proof.<\/strong><\/p>\n<p>They experimented on multiple x86 processor architectures. They used the Intel Ivy Bridge (i7-3630QM). The Intel Haswell (i7-4650U). The Intel Skylake (unspecified Xeon on Google Cloud) and finally an AMD Ryzen processor.<\/p>\n<p>In every test, the team observed the Spectre vulnerability across all of these CPUs. Similar results on both 32- and 64-bit modes, and both Linux and Windows. Some ARM processors also support speculative execution, and the initial testing confirmed, ARM processors could not pass the test.<\/p>\n<p>When they attacked using native code, they were able to read the entire victim\u2019s memory address space, including the secrets stored within it, with ease.<\/p>\n<p>When they attacked using Java code, they successfully read data from the address space of the browser process running it, with zero effort.<\/p>\n<p><strong>The research evidence was irrefutable. <\/strong><\/p>\n<p>Their results showed there was a flaw in Intel chips.<\/p>\n<p>A day later, January 4, 2018, Intel issues updates to protect systems from security exploits. They released this statement: <em>\u201cIntel has developed and is rapidly issuing updates for all types of Intel-based computer systems \u2014 including personal computers and servers \u2014 that render those systems immune from both exploits (referred to as \u201cSpectre\u201d and \u201cMeltdown\u201d) reported by Google Project Zero.\u201d<\/em><\/p>\n<p>Three months later on April 2, 2018, Intel\u2019s Microcode Revision Guidance is released and what\u2019s inside exposed the truth. In this 19-page pdf document, you will find 17 product groups listed, (color-coded in red), productions halted, and update support has ended.<\/p>\n<p>Looking through the guide, you will find the columns listed by Product Names, Public Name, CPUID, Platform ID, Production Status, Pre-Mitigation Production MCU, STOP deploying these MCU revs, and New Production MCU Rev.<\/p>\n<p>The pages with the discontinued products are below:<\/p>\n<ul>\n<li>Page 4: Bloomfield and Bloomfield Xeon<\/li>\n<li>Page 7: Clarksfield<\/li>\n<li>Page 8: Gulftown and Harpertown Xeon CO &amp; EO<\/li>\n<li>Page 11: Jasper Forest<\/li>\n<li>Page 12: Penryn\/QC<\/li>\n<li>Page 15: SoFIA 3GR<\/li>\n<li>Page 16: Wolfdale CO, MO, EO &amp; RO, Wolfdale Xeon CO &amp; EO<\/li>\n<li>Page 17: Yorkfield &amp; Yorkfield Xeon<\/li>\n<\/ul>\n<p>When you review the columns, you will see one labeled <strong>STOP deploying these MCU revs<\/strong>. Intel\u2019s definition for this column is as follows:<\/p>\n<ul>\n<li>Intel recommends discontinuing using these select versions of MCU that were previously released with mitigations for Variant 2 (Spectre) due to system stability issues.<\/li>\n<\/ul>\n<p>Intel also states in their Microcode Revision Guidance Legend:<\/p>\n<ul>\n<li>\u201cAfter a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release\u201d<\/li>\n<li>\u201cMicrocode updates for these products for one or more reasons including, but not limited to the following:\u201d<\/li>\n<li>\u201cMicro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)\u201d<\/li>\n<li>\u201cLimited Commercially Available System Software support.\u201d<\/li>\n<li>\u201cBased on customer inputs, most of these products are implemented as \u201cclosed systems\u201d and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.\u201d<\/li>\n<\/ul>\n<p>As you can see, Intel\u2019s exhaustive investigation could not discredit Paul, Jann and NIST\u2019s research and proof. Intel decided, due to microarchitectures and microcode capabilities, for the specific products listed, not to move forward and release microcode updates for these products.<\/p>\n<p>If you own a PC, Mac, or Cell phone, a Spectre attack can <a href=\"https:\/\/www.macworld.com\/article\/3246007\/security\/protect-your-mac-meltdown-spectre-faq.html\">affect your device<\/a>. If you use Cloud Services, your provider\u2019s infrastructure may be vulnerable to a Spectre attack and theft of customer\u2019s data. If your device uses any of Intel\u2019s older microprocessors, you may be shopping around for a new machine.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>17 Product Groups Named-Their Production Halted and Update Support Ended After Irrefutable Evidence Uncovered Flaw in Intel Chips. The information about the Spectre attacks came to light back in January 2018. Intel and other technology firms and vendors were made aware of research findings by Paul Kocher from Spectreattack.com and Jann Horn from Google Project&hellip;<\/p>\n","protected":false},"author":5,"featured_media":158894,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[8],"tags":[65],"class_list":["post-179410","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-mediabytes"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Billions of Computer Devices Won\u2019t Get Intel\u2019s Spectre Fix - IT Services in Virginia<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.ntegrait.com\/billions-of-computer-devices-wont-get-intels-spectre-fix\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Billions of Computer Devices Won\u2019t Get Intel\u2019s Spectre Fix - IT Services in Virginia\" \/>\n<meta property=\"og:description\" content=\"17 Product Groups Named-Their Production Halted and Update Support Ended After Irrefutable Evidence Uncovered Flaw in Intel Chips. The information about the Spectre attacks came to light back in January 2018. Intel and other technology firms and vendors were made aware of research findings by Paul Kocher from Spectreattack.com and Jann Horn from Google Project&hellip;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.ntegrait.com\/billions-of-computer-devices-wont-get-intels-spectre-fix\/\" \/>\n<meta property=\"og:site_name\" content=\"IT Services in Virginia\" \/>\n<meta property=\"article:published_time\" content=\"2018-08-17T19:19:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-06T13:49:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.ntegrait.com\/wp-content\/uploads\/2018\/08\/ThinkstockPhotos-902635152.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"509\" \/>\n\t<meta property=\"og:image:height\" content=\"338\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Steve West\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Steve West\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.ntegrait.com\/billions-of-computer-devices-wont-get-intels-spectre-fix\/\",\"url\":\"https:\/\/www.ntegrait.com\/billions-of-computer-devices-wont-get-intels-spectre-fix\/\",\"name\":\"Billions of Computer Devices Won\u2019t Get Intel\u2019s Spectre Fix - IT Services in Virginia\",\"isPartOf\":{\"@id\":\"https:\/\/www.ntegrait.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.ntegrait.com\/billions-of-computer-devices-wont-get-intels-spectre-fix\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.ntegrait.com\/billions-of-computer-devices-wont-get-intels-spectre-fix\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/ntegrait.com\/wp-content\/uploads\/2018\/08\/ThinkstockPhotos-902635152.jpg\",\"datePublished\":\"2018-08-17T19:19:33+00:00\",\"dateModified\":\"2024-02-06T13:49:58+00:00\",\"author\":{\"@id\":\"https:\/\/www.ntegrait.com\/#\/schema\/person\/33156c118f002b88019c3fc70441bf79\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.ntegrait.com\/billions-of-computer-devices-wont-get-intels-spectre-fix\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.ntegrait.com\/billions-of-computer-devices-wont-get-intels-spectre-fix\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ntegrait.com\/billions-of-computer-devices-wont-get-intels-spectre-fix\/#primaryimage\",\"url\":\"https:\/\/ntegrait.com\/wp-content\/uploads\/2018\/08\/ThinkstockPhotos-902635152.jpg\",\"contentUrl\":\"https:\/\/ntegrait.com\/wp-content\/uploads\/2018\/08\/ThinkstockPhotos-902635152.jpg\",\"width\":509,\"height\":338},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.ntegrait.com\/billions-of-computer-devices-wont-get-intels-spectre-fix\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/ntegrait.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Billions of Computer Devices Won\u2019t Get Intel\u2019s Spectre Fix\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.ntegrait.com\/#website\",\"url\":\"https:\/\/www.ntegrait.com\/\",\"name\":\"IT Services in Virginia\",\"description\":\"Ntegra IT\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.ntegrait.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.ntegrait.com\/#\/schema\/person\/33156c118f002b88019c3fc70441bf79\",\"name\":\"Steve West\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ntegrait.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3cc273f166c78aca895198956663df42?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3cc273f166c78aca895198956663df42?s=96&d=mm&r=g\",\"caption\":\"Steve West\"},\"description\":\"Ntegra IT is devoted to providing reliable Computer Support to businesses that want to improve productivity and profitability. We deliver custom designed Network Services that better map to your business, so you can stop worrying about your technology and get back to achieving your business goals.\",\"url\":\"https:\/\/ntegrait.com\/author\/swestntegrait-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Billions of Computer Devices Won\u2019t Get Intel\u2019s Spectre Fix - IT Services in Virginia","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.ntegrait.com\/billions-of-computer-devices-wont-get-intels-spectre-fix\/","og_locale":"en_US","og_type":"article","og_title":"Billions of Computer Devices Won\u2019t Get Intel\u2019s Spectre Fix - IT Services in Virginia","og_description":"17 Product Groups Named-Their Production Halted and Update Support Ended After Irrefutable Evidence Uncovered Flaw in Intel Chips. The information about the Spectre attacks came to light back in January 2018. Intel and other technology firms and vendors were made aware of research findings by Paul Kocher from Spectreattack.com and Jann Horn from Google Project&hellip;","og_url":"https:\/\/www.ntegrait.com\/billions-of-computer-devices-wont-get-intels-spectre-fix\/","og_site_name":"IT Services in Virginia","article_published_time":"2018-08-17T19:19:33+00:00","article_modified_time":"2024-02-06T13:49:58+00:00","og_image":[{"width":509,"height":338,"url":"https:\/\/www.ntegrait.com\/wp-content\/uploads\/2018\/08\/ThinkstockPhotos-902635152.jpg","type":"image\/jpeg"}],"author":"Steve West","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Steve West","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.ntegrait.com\/billions-of-computer-devices-wont-get-intels-spectre-fix\/","url":"https:\/\/www.ntegrait.com\/billions-of-computer-devices-wont-get-intels-spectre-fix\/","name":"Billions of Computer Devices Won\u2019t Get Intel\u2019s Spectre Fix - IT Services in Virginia","isPartOf":{"@id":"https:\/\/www.ntegrait.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.ntegrait.com\/billions-of-computer-devices-wont-get-intels-spectre-fix\/#primaryimage"},"image":{"@id":"https:\/\/www.ntegrait.com\/billions-of-computer-devices-wont-get-intels-spectre-fix\/#primaryimage"},"thumbnailUrl":"https:\/\/ntegrait.com\/wp-content\/uploads\/2018\/08\/ThinkstockPhotos-902635152.jpg","datePublished":"2018-08-17T19:19:33+00:00","dateModified":"2024-02-06T13:49:58+00:00","author":{"@id":"https:\/\/www.ntegrait.com\/#\/schema\/person\/33156c118f002b88019c3fc70441bf79"},"breadcrumb":{"@id":"https:\/\/www.ntegrait.com\/billions-of-computer-devices-wont-get-intels-spectre-fix\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.ntegrait.com\/billions-of-computer-devices-wont-get-intels-spectre-fix\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ntegrait.com\/billions-of-computer-devices-wont-get-intels-spectre-fix\/#primaryimage","url":"https:\/\/ntegrait.com\/wp-content\/uploads\/2018\/08\/ThinkstockPhotos-902635152.jpg","contentUrl":"https:\/\/ntegrait.com\/wp-content\/uploads\/2018\/08\/ThinkstockPhotos-902635152.jpg","width":509,"height":338},{"@type":"BreadcrumbList","@id":"https:\/\/www.ntegrait.com\/billions-of-computer-devices-wont-get-intels-spectre-fix\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/ntegrait.com\/"},{"@type":"ListItem","position":2,"name":"Billions of Computer Devices Won\u2019t Get Intel\u2019s Spectre Fix"}]},{"@type":"WebSite","@id":"https:\/\/www.ntegrait.com\/#website","url":"https:\/\/www.ntegrait.com\/","name":"IT Services in Virginia","description":"Ntegra IT","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.ntegrait.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.ntegrait.com\/#\/schema\/person\/33156c118f002b88019c3fc70441bf79","name":"Steve West","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ntegrait.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/3cc273f166c78aca895198956663df42?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3cc273f166c78aca895198956663df42?s=96&d=mm&r=g","caption":"Steve West"},"description":"Ntegra IT is devoted to providing reliable Computer Support to businesses that want to improve productivity and profitability. We deliver custom designed Network Services that better map to your business, so you can stop worrying about your technology and get back to achieving your business goals.","url":"https:\/\/ntegrait.com\/author\/swestntegrait-com\/"}]}},"_links":{"self":[{"href":"https:\/\/ntegrait.com\/wp-json\/wp\/v2\/posts\/179410","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ntegrait.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ntegrait.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ntegrait.com\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/ntegrait.com\/wp-json\/wp\/v2\/comments?post=179410"}],"version-history":[{"count":3,"href":"https:\/\/ntegrait.com\/wp-json\/wp\/v2\/posts\/179410\/revisions"}],"predecessor-version":[{"id":181578,"href":"https:\/\/ntegrait.com\/wp-json\/wp\/v2\/posts\/179410\/revisions\/181578"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ntegrait.com\/wp-json\/wp\/v2\/media\/158894"}],"wp:attachment":[{"href":"https:\/\/ntegrait.com\/wp-json\/wp\/v2\/media?parent=179410"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ntegrait.com\/wp-json\/wp\/v2\/categories?post=179410"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ntegrait.com\/wp-json\/wp\/v2\/tags?post=179410"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}